
More updates for ver 3.0.0

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1502 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2008-01-13 05:28:39 +00:00
parent a8f7cddd49
commit aca282104f
8 changed files with 97 additions and 41 deletions

plugins/phorum/Changelog Normal file

@ -0,0 +1,19 @@
Changelog HTMLPurifier : Phorum Mod
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
= KEY ====================
# Breaks back-compat
! Feature
- Bugfix
+ Sub-comment
. Internal change
==========================
Version 3.0.0 for Phorum 5.2, released January 12, 2008
# WYSIWYG and suppress_message options are now configurable via web
interface.
- Module now compatible with Phorum 5.2, primary bugs were in migration
code as well as signature and edit message handling. This module is NOT
compatible with Phorum 5.1.
- Buggy WYSIWYG mode refined
. AutoFormatParam added to list of default configuration namespaces


@ -13,15 +13,31 @@ BBCode formatting, simply move migrate.bbcode.php to that place; for
other markup languages, consult said file for instructions on how other markup languages, consult said file for instructions on how
to adapt it to your needs. to adapt it to your needs.
-- NOTE -------------------------------------------------
You can also run this module in parallel with another
formatting module; this module attempts to place itself
at the end of the filtering chain. However, if any
previous modules produce insecure HTML (for instance,
a JavaScript email obfuscator) they will get cleaned.
This module will not work if 'migrate.php' is not created, and an improperly This module will not work if 'migrate.php' is not created, and an improperly
made migration file may *CORRUPT* Phorum, so please take your time to made migration file may *CORRUPT* Phorum, so please take your time to
do this correctly. It should go without saying to *BACKUP YOUR DATABASE* do this correctly. It should go without saying to *BACKUP YOUR DATABASE*
before attempting anything here. before attempting anything here. If no migration is necessary, you can
simply create a blank migrate.php file. HTML Purifier is smart and will
not re-migrate already processed messages. However, the original code
is irretrievably lost (we may change this in the future.)
This module will not automatically migrate user signatures, because this This module will not automatically migrate user signatures, because this
process may take a long time. After installing the HTML Purifier module and process may take a long time. After installing the HTML Purifier module and
then configuring 'migrate.php', navigate to Settings and click 'Migrate then configuring 'migrate.php', navigate to Settings and click 'Migrate
Signatures' to migrate all user signatures. Signatures' to migrate all user signatures to HTML.
Visit HTML Purifier at <http://htmlpurifier.org/>. May the force All of HTML Purifier's usual functions are configurable via the mod settings
be with you. page. If you require custom configuration, create config.php file in
the mod directory that edits a $config variable. Be sure, also, to
set $PHORUM['mod_htmlpurifier']['wysiwyg'] to TRUE if you are using a
WYSIWYG editor (you can do this through a common hook or the web
configuration form).
Visit HTML Purifier at <http://htmlpurifier.org/>.


@ -17,8 +17,7 @@
* administrators who need to edit other people's comments may be at * administrators who need to edit other people's comments may be at
* risk for some nasty attacks. * risk for some nasty attacks.
* *
* Tested with Phorum 5.1.22. This module will almost definitely need * Tested with Phorum 5.2.6.
* to be upgraded when Phorum 6 rolls around.
*/ */
// Note: Cache data is base64 encoded because Phorum insists on flinging // Note: Cache data is base64 encoded because Phorum insists on flinging
@ -121,8 +120,8 @@ function phorum_htmlpurifier_format($data)
} }
// ----------------------------------------------------------------------- // -----------------------------------------------------------------------
// This is fragile code, copied from read.php:596 (Phorum 5.2.6). It will break if // This is fragile code, copied from read.php:596 (Phorum 5.2.6). Please
// that is changed // keep this code in-sync with Phorum
/** /**
* Generates a signature based on a message array * Generates a signature based on a message array
@ -162,11 +161,11 @@ function phorum_htmlpurifier_generate_editmessage($row) {
* @param $row Message passed by reference * @param $row Message passed by reference
*/ */
function phorum_htmlpurifier_remove_sig_and_editmessage(&$row) { function phorum_htmlpurifier_remove_sig_and_editmessage(&$row) {
// attempt to remove the Phorum's pre-processing:
// we must not process the signature or editmessage
$signature = phorum_htmlpurifier_generate_sig($row); $signature = phorum_htmlpurifier_generate_sig($row);
$editmessage = phorum_htmlpurifier_generate_editmessage($row); $editmessage = phorum_htmlpurifier_generate_editmessage($row);
$replacements = array(); $replacements = array();
// we need to remove add <phorum break> as that is the form these
// extra bits are in.
if ($signature) $replacements[str_replace("\n", "<phorum break>\n", $signature)] = ''; if ($signature) $replacements[str_replace("\n", "<phorum break>\n", $signature)] = '';
if ($editmessage) $replacements[str_replace("\n", "<phorum break>\n", $editmessage)] = ''; if ($editmessage) $replacements[str_replace("\n", "<phorum break>\n", $editmessage)] = '';
$row['body'] = strtr($row['body'], $replacements); $row['body'] = strtr($row['body'], $replacements);
@ -176,7 +175,7 @@ function phorum_htmlpurifier_remove_sig_and_editmessage(&$row) {
/** /**
* Indicate that data is fully HTML and not from migration, invalidate * Indicate that data is fully HTML and not from migration, invalidate
* previous caches * previous caches
* @note This function used to generate the actual cache entries, but * @note This function could generate the actual cache entries, but
* since there's data missing that must be deferred to the first read * since there's data missing that must be deferred to the first read
*/ */
function phorum_htmlpurifier_posting($message) { function phorum_htmlpurifier_posting($message) {
@ -222,24 +221,6 @@ function phorum_htmlpurifier_common() {
exit; exit;
} }
// see if our hooks need to be bubbled to the end
phorum_htmlpurifier_bubble_hook('format');
}
function phorum_htmlpurifier_bubble_hook($hook) {
global $PHORUM;
$our_idx = null;
$last_idx = null;
if (!isset($PHORUM['hooks'][$hook]['mods'])) return;
foreach ($PHORUM['hooks'][$hook]['mods'] as $idx => $mod) {
if ($mod == 'htmlpurifier') $our_idx = $idx;
$last_idx = $idx;
}
list($mod) = array_splice($PHORUM['hooks'][$hook]['mods'], $our_idx, 1);
$PHORUM['hooks'][$hook]['mods'][] = $mod;
list($func) = array_splice($PHORUM['hooks'][$hook]['funcs'], $our_idx, 1);
$PHORUM['hooks'][$hook]['funcs'][] = $func;
} }
/** /**
@ -253,9 +234,10 @@ function phorum_htmlpurifier_before_editor($message) {
// de-entity-ize contents // de-entity-ize contents
$body = str_replace(array('&lt;','&gt;','&amp;'), array('<','>','&'), $body); $body = str_replace(array('&lt;','&gt;','&amp;'), array('<','>','&'), $body);
$purifier =& HTMLPurifier::getInstance(); $purifier =& HTMLPurifier::getInstance();
$body = $purifier->purify($message['body']); $body = $purifier->purify($body);
// re-entity-ize contents // re-entity-ize contents
$body = htmlspecialchars($body, ENT_QUOTES, $GLOBALS['PHORUM']['DATA']['CHARSET']); $body = htmlspecialchars($body, ENT_QUOTES, $GLOBALS['PHORUM']['DATA']['CHARSET']);
$message['body'] = $body;
} }
} }
return $message; return $message;
@ -264,7 +246,22 @@ function phorum_htmlpurifier_before_editor($message) {
function phorum_htmlpurifier_editor_after_subject() { function phorum_htmlpurifier_editor_after_subject() {
// don't show this message if it's a WYSIWYG editor, since it will // don't show this message if it's a WYSIWYG editor, since it will
// then be handled automatically // then be handled automatically
if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) return; if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
$i = $GLOBALS['PHORUM']['DATA']['MODE'];
if ($i == 'quote' || $i == 'edit' || $i == 'moderation') {
?>
<div>
<p>
<strong>Notice:</strong> HTML has been scrubbed for your safety.
If you would like to see the original, turn off WYSIWYG mode
(consult your administrator for details.)
</p>
</div>
<?php
}
return;
}
if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['suppress_message'])) return;
?><div class="htmlpurifier-help"> ?><div class="htmlpurifier-help">
<p> <p>
<strong>HTML input</strong> is enabled. Make sure you escape all HTML and <strong>HTML input</strong> is enabled. Make sure you escape all HTML and
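Review bot: The mode check added to `phorum_htmlpurifier_editor_after_subject` compares `$GLOBALS['PHORUM']['DATA']['MODE']` with `==` against three string literals and reads the key without checking it is set, so an absent key produces a notice and `$i` is an uninformative name for a mode string. A strict membership test is both clearer and quieter: `$mode = isset($GLOBALS['PHORUM']['DATA']['MODE']) ? $GLOBALS['PHORUM']['DATA']['MODE'] : null;` followed by `if (in_array($mode, array('quote', 'edit', 'moderation'), true)) {`. The new `suppress_message` early return also removes the escaping guidance for non-WYSIWYG users entirely, which matches the form description but deserves a one-line comment such as `// admin opted out of the how-to notice; this only affects the editor hint`. The function's body continues past the end of the hunk.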


@ -1,8 +1,16 @@
title: HTML Purifier Phorum Mod
desc: This module enables standards-compliant HTML filtering on Phorum. Please check migrate.bbcode.php before enabling this mod.
author: Edward Z. Yang
url: http://htmlpurifier.org/
version: 3.0.0
hook: format|phorum_htmlpurifier_format hook: format|phorum_htmlpurifier_format
hook: quote|phorum_htmlpurifier_quote hook: quote|phorum_htmlpurifier_quote
hook: posting_custom_action|phorum_htmlpurifier_posting hook: posting_custom_action|phorum_htmlpurifier_posting
hook: common|phorum_htmlpurifier_common hook: common|phorum_htmlpurifier_common
hook: before_editor|phorum_htmlpurifier_before_editor hook: before_editor|phorum_htmlpurifier_before_editor
hook: tpl_editor_after_subject|phorum_htmlpurifier_editor_after_subject hook: tpl_editor_after_subject|phorum_htmlpurifier_editor_after_subject
title: HTML Purifier Phorum Mod
desc: This module enables standards-compliant HTML filtering on Phorum. Please check migrate.bbcode.php before enabling this mod. # This module is meant to be a drop-in for bbcode, so make it run last.
priority: run module after *
priority: run hook format after *
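Review bot: The module's position at the end of the format chain now rests entirely on these two `priority:` lines, because the same commit removes the runtime `phorum_htmlpurifier_bubble_hook` reordering from htmlpurifier.php; if the installed Phorum ignores `priority:`, another formatting module's output can reach the page after the purifier has already run, which is exactly the case the README's NOTE block says this module exists to cover. Presumably Phorum 5.2 honours the directive (the Changelog states the module is not compatible with 5.1), so the dependency should be stated next to it: `# Requires Phorum 5.2 priority support; there is no longer a runtime fallback that moves this module last.`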


@ -11,7 +11,8 @@
* If you do NOT want to have any migration performed (for instance, you * If you do NOT want to have any migration performed (for instance, you
* are installing the module on a new forum with no posts), simply remove * are installing the module on a new forum with no posts), simply remove
* phorum_htmlpurifier_migrate() function. You still need migrate.php * phorum_htmlpurifier_migrate() function. You still need migrate.php
* present, otherwise the module won't work. * present, otherwise the module won't work. This ensures that the user
* explicitly says, "No, I do not need to migrate."
*/ */
if(!defined("PHORUM")) exit; if(!defined("PHORUM")) exit;


@ -38,7 +38,7 @@ $PHORUM['mod_htmlpurifier']['directives'] = array(
'HTML.Allowed', 'HTML.Allowed',
'AutoFormat', 'AutoFormat',
'-AutoFormat.Custom', '-AutoFormat.Custom',
'-AutoFormat.PurifierLinkify', 'AutoFormatParam',
'Output.TidyFormat', 'Output.TidyFormat',
); );


@ -20,6 +20,17 @@ function phorum_htmlpurifier_show_form() {
$frm->addbreak("Edit settings for the HTML Purifier module"); $frm->addbreak("Edit settings for the HTML Purifier module");
$frm->addMessage('<p>The box below sets <code>$PHORUM[\'mod_htmlpurifier\'][\'wysiwyg\']</code>.
When checked, contents sent for edit are now purified and the
informative message is disabled. If your WYSIWYG editor is disabled for
admin edits, you can safely keep this unchecked.</p>');
$frm->addRow('Use WYSIWYG?', $frm->checkbox('wysiwyg', '1', '', $PHORUM['mod_htmlpurifier']['wysiwyg']));
$frm->addMessage('<p>The box below sets <code>$PHORUM[\'mod_htmlpurifier\'][\'suppress_message\']</code>,
which removes the big how-to use
HTML Purifier message.</p>');
$frm->addRow('Suppress information?', $frm->checkbox('suppress_message', '1', '', $PHORUM['mod_htmlpurifier']['suppress_message']));
$frm->addMessage('<p>Click on directive links to read what each option does $frm->addMessage('<p>Click on directive links to read what each option does
(links do not open in new windows).</p> (links do not open in new windows).</p>
<p>For more flexibility (for instance, you want to edit the full <p>For more flexibility (for instance, you want to edit the full
@ -63,6 +74,8 @@ function phorum_htmlpurifier_show_config_info() {
A <tt>config.php</tt> file exists in your <tt>mods/htmlpurifier/</tt> A <tt>config.php</tt> file exists in your <tt>mods/htmlpurifier/</tt>
directory. This file contains your custom configuration: in order to directory. This file contains your custom configuration: in order to
change it, please navigate to that file and edit it accordingly. change it, please navigate to that file and edit it accordingly.
You can also set <code>$GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg']</code>
or <code>$GLOBALS['PHORUM']['mod_htmlpurifier']['suppress_message']</code>
</p> </p>
<p> <p>
To use the web interface, delete <tt>config.php</tt> (or rename it to To use the web interface, delete <tt>config.php</tt> (or rename it to
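Review bot: The two new checkbox rows in `phorum_htmlpurifier_show_form` pass `$PHORUM['mod_htmlpurifier']['wysiwyg']` and `$PHORUM['mod_htmlpurifier']['suppress_message']` straight into `$frm->checkbox(...)`; on an installation that has never saved these settings the keys are presumably absent and each read raises a notice. Normalise them first, `$wysiwyg = !empty($PHORUM['mod_htmlpurifier']['wysiwyg']);` and `$suppress = !empty($PHORUM['mod_htmlpurifier']['suppress_message']);`, and pass those to the checkbox calls. In the second hunk the sentence `You can also set <code>...wysiwyg</code> or <code>...suppress_message</code>` stops without saying where; finishing it with `in that file.` tells the admin the flags belong in config.php alongside the directives.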


@ -9,12 +9,14 @@ function phorum_htmlpurifier_save_settings() {
$config = phorum_htmlpurifier_get_config(); $config = phorum_htmlpurifier_get_config();
if (!isset($_POST['reset'])) $config->mergeArrayFromForm($_POST, 'config', $PHORUM['mod_htmlpurifier']['directives']); if (!isset($_POST['reset'])) $config->mergeArrayFromForm($_POST, 'config', $PHORUM['mod_htmlpurifier']['directives']);
$PHORUM['mod_htmlpurifier']['config'] = $config->getAll(); $PHORUM['mod_htmlpurifier']['config'] = $config->getAll();
}
$PHORUM['mod_htmlpurifier']['wysiwyg'] = !empty($_POST['wysiwyg']);
$PHORUM['mod_htmlpurifier']['suppress_message'] = !empty($_POST['suppress_message']);
if(!phorum_htmlpurifier_commit_settings()){ if(!phorum_htmlpurifier_commit_settings()){
$error="Database error while updating settings."; $error="Database error while updating settings.";
} else { } else {
echo "Settings Updated<br />"; echo "Settings Updated<br />";
} }
}
} }
function phorum_htmlpurifier_commit_settings() { function phorum_htmlpurifier_commit_settings() {
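Review bot: Moving the closing brace up to just after `$PHORUM['mod_htmlpurifier']['config'] = $config->getAll();` puts the two new flag assignments and the `phorum_htmlpurifier_commit_settings()` call outside the block they previously sat in; that block opens before the hunk, so I cannot see its condition, but if it guards a form submission then any other request reaching `phorum_htmlpurifier_save_settings` now writes both flags as `false` (each is `!empty($_POST[...])`) and overwrites the admin's saved choice. Please confirm that the unconditional write is intended; if the commit should stay conditional, keep the brace after the `else` branch as it was. Either way a comment on the new lines makes the reasoning explicit: `// unchecked boxes are absent from POST, so both flags must be rewritten on every save`.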